#!/usr/bin/env sh

#创建根CA
root(){
  openssl genrsa -out root/key/cakey.pem 2048
  openssl req -new -key root/key/cakey.pem -out root/key/ca.csr -config root/openssl.cnf
  openssl ca -selfsign -in root/key/ca.csr -out root/key/cacert.crt -config root/openssl.cnf
}

#创建二级CA
agent(){
  openssl genrsa -out agent/key/cakey.pem 2048
  openssl req -new -key agent/key/cakey.pem -out agent/key/ca.csr -config agent/openssl.cnf
  openssl ca -in agent/key/ca.csr -out agent/key/cacert.crt -config root/openssl.cnf
}

#使用二级CA签发服务器端证书
server(){
  openssl genrsa -out server/key/data.yunxi.com.key 2048
  openssl req -new -key server/key/data.yunxi.com.key -out server/key/data.yunxi.com.csr -config server/openssl.cnf
  openssl ca -in server/key/data.yunxi.com.csr -out server/key/data.yunxi.com.crt -config agent/openssl.cnf
  cat server/key/data.yunxi.com.crt agent/key/cacert.crt root/key/cacert.crt | tee server/key/data.yunxi.com_all.crt
}

#使用二级CA签发服务器端证书
#client(){
#  openssl genrsa -out client/key/data.yunxi.com.key 2048
#  openssl req -new -key client/key/data.yunxi.com.key -out client/key/data.yunxi.com.csr -config client/openssl.cnf
#  openssl ca -in client/key/data.yunxi.com.csr -out client/key/data.yunxi.com.crt -config agent/openssl.cnf
#  openssl pkcs12 -export -inkey client/key/data.yunxi.com.key -in client/key/data.yunxi.com.crt -out client/key/data.yunxi.com.pfx
#}

root
agent
server
